[GitHub] [geode] kirklund commented on a change in pull request #6789: GEODE-9458: function execution with expiring authentication

GitBox Mon, 23 Aug 2021 11:19:04 -0700


kirklund commented on a change in pull request #6789:
URL: https://github.com/apache/geode/pull/6789#discussion_r694201033




##########
File path: 
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationFunctionDUnitTest.java
##########
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more 
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional 
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the 
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software 
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
KIND, either express
+ * or implied. See the License for the specific language governing permissions 
and limitations under
+ * the License.
+ */
+package org.apache.geode.security;
+
+import static org.apache.geode.cache.execute.FunctionService.onServer;
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTH_INIT;
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.apache.geode.test.version.VersionManager.CURRENT_VERSION;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.client.ClientCache;
+import org.apache.geode.cache.execute.Function;
+import org.apache.geode.cache.execute.ResultCollector;
+import org.apache.geode.distributed.ConfigurationProperties;
+import org.apache.geode.management.internal.security.TestFunctions;
+import org.apache.geode.test.dunit.rules.ClientVM;
+import org.apache.geode.test.dunit.rules.ClusterStartupRule;
+import org.apache.geode.test.dunit.rules.MemberVM;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.rules.VMProvider;
+
+@Category({SecurityTest.class})
+public class AuthExpirationFunctionDUnitTest {
+  private static final String RELEASE_VERSION = "1.13.3";
+
+  private static Function<Object> writeFunction;
+
+  private static MemberVM serverVM;
+  private static ClientVM currentVersionClientVM, releaseVersionClientVM;

Review comment:
       Please declare all variables, constants, etc on their own line. It's a 
bug in Spotless that it allows this.

##########
File path: 
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationFunctionDUnitTest.java
##########
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more 
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional 
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the 
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software 
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
KIND, either express
+ * or implied. See the License for the specific language governing permissions 
and limitations under
+ * the License.
+ */
+package org.apache.geode.security;
+
+import static org.apache.geode.cache.execute.FunctionService.onServer;
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTH_INIT;
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.apache.geode.test.version.VersionManager.CURRENT_VERSION;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.client.ClientCache;
+import org.apache.geode.cache.execute.Function;
+import org.apache.geode.cache.execute.ResultCollector;
+import org.apache.geode.distributed.ConfigurationProperties;
+import org.apache.geode.management.internal.security.TestFunctions;
+import org.apache.geode.test.dunit.rules.ClientVM;
+import org.apache.geode.test.dunit.rules.ClusterStartupRule;
+import org.apache.geode.test.dunit.rules.MemberVM;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.rules.VMProvider;
+
+@Category({SecurityTest.class})
+public class AuthExpirationFunctionDUnitTest {
+  private static final String RELEASE_VERSION = "1.13.3";
+
+  private static Function<Object> writeFunction;
+
+  private static MemberVM serverVM;
+  private static ClientVM currentVersionClientVM, releaseVersionClientVM;
+
+  @ClassRule
+  public static ClusterStartupRule lsRule = new ClusterStartupRule();
+
+  @BeforeClass
+  public static void beforeClass() throws Exception {
+    Properties properties = new Properties();
+    properties.setProperty(SECURITY_MANAGER, 
ExpirableSecurityManager.class.getName());
+    properties.setProperty(ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER,
+        "org.apache.geode.management.internal.security.TestFunctions*");
+    serverVM = lsRule.startServerVM(0, properties);
+
+    serverVM.invoke(() -> {
+      Objects.requireNonNull(ClusterStartupRule.getCache())
+          .createRegionFactory(RegionShortcut.REPLICATE).create("region");
+    });
+    int serverPort = serverVM.getPort();
+    currentVersionClientVM = lsRule.startClientVM(1, CURRENT_VERSION, c1 -> c1
+        .withProperty(SECURITY_CLIENT_AUTH_INIT, 
UpdatableUserAuthInitialize.class.getName())
+        .withPoolSubscription(true)
+        .withServerConnection(serverPort));
+    releaseVersionClientVM = lsRule.startClientVM(2, RELEASE_VERSION,
+        c -> c.withProperty(SECURITY_CLIENT_AUTH_INIT, 
UpdatableUserAuthInitialize.class.getName())
+            .withPoolSubscription(true)
+            .withServerConnection(serverPort));
+
+    VMProvider.invokeInEveryMember(() -> writeFunction = new 
TestFunctions.WriteFunction(),
+        serverVM, currentVersionClientVM, releaseVersionClientVM);
+  }
+
+  @After
+  public void after() {
+    // make sure after each test, the values of the ExpirationManager are reset
+    serverVM.invoke(ExpirableSecurityManager::reset);
+  }
+
+  @Test
+  public void 
currentClientShouldReAuthenticateWhenCredentialExpiredAndFunctionExecutionSucceed()
 {
+    clientShouldReAuthenticateWhenCredentialExpiredAndFunctionExecutionSucceed(
+        currentVersionClientVM);
+  }
+
+  @Test
+  public void 
releaseClientShouldReAuthenticateWhenCredentialExpiredAndFunctionExecutionSucceed()
 {
+    clientShouldReAuthenticateWhenCredentialExpiredAndFunctionExecutionSucceed(
+        releaseVersionClientVM);
+  }
+
+  private void 
clientShouldReAuthenticateWhenCredentialExpiredAndFunctionExecutionSucceed(
+      ClientVM clientVM) {
+    clientVM.invoke(() -> {
+      ClientCache clientCache = ClusterStartupRule.getClientCache();
+      assertThat(clientCache).isNotNull();
+      UpdatableUserAuthInitialize.setUser("data1");
+      ResultCollector rc = 
onServer(clientCache.getDefaultPool()).execute(writeFunction);
+      assertThat(((ArrayList) rc.getResult()).get(0))
+          .isEqualTo(TestFunctions.WriteFunction.SUCCESS_OUTPUT);
+    });
+
+    // expire the current user
+    serverVM.invoke(() -> ExpirableSecurityManager.addExpiredUser("data1"));
+
+    // do a second function execution, if this is successful, it means new 
credentials are provided
+    clientVM.invoke(() -> {
+      ClientCache clientCache = ClusterStartupRule.getClientCache();
+      assertThat(clientCache).isNotNull();
+      UpdatableUserAuthInitialize.setUser("data2");
+      ResultCollector rc = 
onServer(clientCache.getDefaultPool()).execute(writeFunction);
+      assertThat(((ArrayList) rc.getResult()).get(0))
+          .isEqualTo(TestFunctions.WriteFunction.SUCCESS_OUTPUT);
+    });
+
+    // all put operation succeeded
+    serverVM.invoke(() -> {
+      
assertThat(ExpirableSecurityManager.getExpiredUsers().size()).isEqualTo(1);

Review comment:
       I would change this and the following size assertions to use:
   ```
   assertThat(ExpirableSecurityManager.getExpiredUsers()).hasSize(1);
   ```
   This will work as long as the subject (ie `getExpiredUsers()`) is a 
collection or array.
   
   Any failure messages will then list all of the entries.

##########
File path: 
geode-core/src/upgradeTest/java/org/apache/geode/security/AuthExpirationFunctionDUnitTest.java
##########
@@ -0,0 +1,142 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more 
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional 
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache 
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the 
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software 
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
KIND, either express
+ * or implied. See the License for the specific language governing permissions 
and limitations under
+ * the License.
+ */
+package org.apache.geode.security;
+
+import static org.apache.geode.cache.execute.FunctionService.onServer;
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTH_INIT;
+import static 
org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
+import static org.apache.geode.test.version.VersionManager.CURRENT_VERSION;
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.client.ClientCache;
+import org.apache.geode.cache.execute.Function;
+import org.apache.geode.cache.execute.ResultCollector;
+import org.apache.geode.distributed.ConfigurationProperties;
+import org.apache.geode.management.internal.security.TestFunctions;
+import org.apache.geode.test.dunit.rules.ClientVM;
+import org.apache.geode.test.dunit.rules.ClusterStartupRule;
+import org.apache.geode.test.dunit.rules.MemberVM;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.rules.VMProvider;
+
+@Category({SecurityTest.class})
+public class AuthExpirationFunctionDUnitTest {
+  private static final String RELEASE_VERSION = "1.13.3";
+
+  private static Function<Object> writeFunction;
+
+  private static MemberVM serverVM;
+  private static ClientVM currentVersionClientVM, releaseVersionClientVM;
+
+  @ClassRule
+  public static ClusterStartupRule lsRule = new ClusterStartupRule();
+
+  @BeforeClass
+  public static void beforeClass() throws Exception {
+    Properties properties = new Properties();
+    properties.setProperty(SECURITY_MANAGER, 
ExpirableSecurityManager.class.getName());
+    properties.setProperty(ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER,
+        "org.apache.geode.management.internal.security.TestFunctions*");
+    serverVM = lsRule.startServerVM(0, properties);
+
+    serverVM.invoke(() -> {
+      Objects.requireNonNull(ClusterStartupRule.getCache())
+          .createRegionFactory(RegionShortcut.REPLICATE).create("region");

Review comment:
       I assume you're adding all of these assertions and null checks because 
of an IntelliJ inspection complaining that `ClusterStartupRule.getCache()` can 
be null. I recommend changing `ClusterStartupRule.getCache()` to use some sort 
of NonNull annotation within `ClusterStartupRule` instead.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [geode] kirklund commented on a change in pull request #6789: GEODE-9458: function execution with expiring authentication

Reply via email to